Change log for chromium-browser package in Ubuntu
| 226 → 300 of 614 results | First • Previous • Next • Last |
chromium-browser (62.0.3202.94-0ubuntu0.17.04.1388) zesty; urgency=medium * Upstream release: 62.0.3202.94 -- Olivier Tilloy <email address hidden> Mon, 13 Nov 2017 23:39:47 +0100
Available diffs
chromium-browser (62.0.3202.94-0ubuntu0.14.04.1215) trusty; urgency=medium * Upstream release: 62.0.3202.94 -- Olivier Tilloy <email address hidden> Mon, 13 Nov 2017 23:38:02 +0100
Available diffs
- diff from 62.0.3202.89-0ubuntu0.14.04.1213 to 62.0.3202.94-0ubuntu0.14.04.1215 (pending)
chromium-browser (62.0.3202.94-0ubuntu0.16.04.1317) xenial; urgency=medium * Upstream release: 62.0.3202.94 -- Olivier Tilloy <email address hidden> Mon, 13 Nov 2017 23:17:10 +0100
Available diffs
chromium-browser (62.0.3202.94-0ubuntu0.17.10.1388) artful; urgency=medium * Upstream release: 62.0.3202.94 -- Olivier Tilloy <email address hidden> Mon, 13 Nov 2017 22:48:24 +0100
Available diffs
chromium-browser (62.0.3202.89-0ubuntu0.14.04.1213) trusty; urgency=medium
* Upstream release: 62.0.3202.89
- CVE-2017-15398: Stack buffer overflow in QUIC.
- CVE-2017-15399: Use after free in V8.
-- Olivier Tilloy <email address hidden> Mon, 06 Nov 2017 23:01:32 +0100
Available diffs
chromium-browser (62.0.3202.89-0ubuntu0.16.04.1315) xenial; urgency=medium
* Upstream release: 62.0.3202.89
- CVE-2017-15398: Stack buffer overflow in QUIC.
- CVE-2017-15399: Use after free in V8.
-- Olivier Tilloy <email address hidden> Mon, 06 Nov 2017 22:59:12 +0100
Available diffs
chromium-browser (62.0.3202.89-0ubuntu0.17.04.1386) zesty; urgency=medium
* Upstream release: 62.0.3202.89
- CVE-2017-15398: Stack buffer overflow in QUIC.
- CVE-2017-15399: Use after free in V8.
-- Olivier Tilloy <email address hidden> Mon, 06 Nov 2017 22:49:46 +0100
Available diffs
chromium-browser (62.0.3202.89-0ubuntu0.17.10.1386) artful; urgency=medium
* Upstream release: 62.0.3202.89
- CVE-2017-15398: Stack buffer overflow in QUIC.
- CVE-2017-15399: Use after free in V8.
-- Olivier Tilloy <email address hidden> Mon, 06 Nov 2017 22:40:20 +0100
Available diffs
chromium-browser (62.0.3202.75-0ubuntu0.14.04.1211) trusty; urgency=medium
* Upstream release: 62.0.3202.75
- CVE-2017-15396: Stack overflow in V8.
* debian/control: bump Standards-Version to 4.1.1
* debian/patches/set-rpath-on-chromium-executables.patch: updated
* debian/tests/*:
- removed stale autopkgtests
- added new autopkgtests based on chromium's new headless mode
* debian/source/include-binaries: updated to reflect new binary data in tests
-- Olivier Tilloy <email address hidden> Fri, 27 Oct 2017 19:53:25 +0200
Available diffs
chromium-browser (62.0.3202.75-0ubuntu0.16.04.1313) xenial; urgency=medium
* Upstream release: 62.0.3202.75
- CVE-2017-15396: Stack overflow in V8.
* debian/control: bump Standards-Version to 4.1.1
* debian/patches/set-rpath-on-chromium-executables.patch: updated
* debian/tests/*:
- removed stale autopkgtests
- added new autopkgtests based on chromium's new headless mode
* debian/source/include-binaries: updated to reflect new binary data in tests
-- Olivier Tilloy <email address hidden> Fri, 27 Oct 2017 19:48:18 +0200
Available diffs
chromium-browser (62.0.3202.75-0ubuntu0.17.04.1384) zesty; urgency=medium
* Upstream release: 62.0.3202.75
- CVE-2017-15396: Stack overflow in V8.
* debian/control: bump Standards-Version to 4.1.1
* debian/patches/set-rpath-on-chromium-executables.patch: updated
* debian/tests/*:
- removed stale autopkgtests
- added new autopkgtests based on chromium's new headless mode
* debian/source/include-binaries: updated to reflect new binary data in tests
-- Olivier Tilloy <email address hidden> Fri, 27 Oct 2017 19:22:48 +0200
Available diffs
- diff from 62.0.3202.62-0ubuntu0.17.04.1379 to 62.0.3202.75-0ubuntu0.17.04.1384 (pending)
chromium-browser (62.0.3202.75-0ubuntu0.17.10.1384) artful; urgency=medium
* Upstream release: 62.0.3202.75
- CVE-2017-15396: Stack overflow in V8.
* debian/control: bump Standards-Version to 4.1.1
* debian/patches/set-rpath-on-chromium-executables.patch: updated
-- Olivier Tilloy <email address hidden> Fri, 27 Oct 2017 18:36:02 +0200
Available diffs
chromium-browser (62.0.3202.62-0ubuntu0.14.04.1204) trusty; urgency=medium
* Upstream release: 62.0.3202.62
- CVE-2017-5124: UXSS with MHTML.
- CVE-2017-5125: Heap overflow in Skia.
- CVE-2017-5126: Use after free in PDFium.
- CVE-2017-5127: Use after free in PDFium.
- CVE-2017-5128: Heap overflow in WebGL.
- CVE-2017-5129: Use after free in WebAudio.
- CVE-2017-5132: Incorrect stack manipulation in WebAssembly.
- CVE-2017-5130: Heap overflow in libxml2.
- CVE-2017-5131: Out of bounds write in Skia.
- CVE-2017-5133: Out of bounds write in Skia.
- CVE-2017-15386: UI spoofing in Blink.
- CVE-2017-15387: Content security bypass.
- CVE-2017-15388: Out of bounds read in Skia.
- CVE-2017-15389: URL spoofing in OmniBox.
- CVE-2017-15390: URL spoofing in OmniBox.
- CVE-2017-15391: Extension limitation bypass in Extensions.
- CVE-2017-15392: Incorrect registry key handling in PlatformIntegration.
- CVE-2017-15393: Referrer leak in Devtools.
- CVE-2017-15394: URL spoofing in extensions UI.
- CVE-2017-15395: Null pointer dereference in ImageCapture.
* debian/control:
- build with clang 4.0
- bump Standards-Version to 4.1.0
* debian/rules:
- build with clang 4.0
- also build gn with clang 4.0
- do not disable swiftshader on i386 (LP: #1697496)
- when building on armhf, pass symbol_level=0 to gn in the hope that
Launchpad builders won't run out of memory when linking
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/allow-component-build: removed, unused
* debian/patches/arm64-vpx-alignment: removed, no longer needed
* debian/patches/c++-compatibility.patch: added
* debian/patches/defang-ct-timebomb: removed, unused
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-argument-evaluation-order.patch: removed, no longer
needed
* debian/patches/fix-compilation-for-atk.patch: removed, no longer needed
* debian/patches/fix-compilation-for-atk-version-check.patch: removed, no
longer needed
* debian/patches/fix-gn-bootstrap.patch: updated
* debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
* debian/patches/gcc-compilation-fixes.patch: removed, no longer needed
* debian/patches/make-base-numerics-build-with-gcc.patch: removed, no longer
needed
* debian/patches/no-new-ninja-flag.patch: added
* debian/patches/protobuf-fullness: removed, unused
* debian/patches/really-disable-swiftshader-on-x86.patch: removed, no longer
needed
* debian/patches/reduce-ld-memory-usage.patch: removed, no longer needed
* debian/patches/revert-clang-nostdlib++.patch: added
* debian/patches/revert-llvm-ar.patch: removed, no longer needed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: added
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/use-clang-versioned.patch: added
* debian/patches/use-gcc-versioned: removed, no longer needed
* debian/patches/vulkan-c99.patch: removed, no longer needed
* debian/patches/widevine-other-locations: refreshed
* debian/known_gyp_flags: removed, unused
* debian/known_gn_gen_args-[i386,amd64,armhf]: added
-- Olivier Tilloy <email address hidden> Thu, 19 Oct 2017 11:07:58 +0200
Available diffs
chromium-browser (62.0.3202.62-0ubuntu0.16.04.1308) xenial; urgency=medium
* Upstream release: 62.0.3202.62
- CVE-2017-5124: UXSS with MHTML.
- CVE-2017-5125: Heap overflow in Skia.
- CVE-2017-5126: Use after free in PDFium.
- CVE-2017-5127: Use after free in PDFium.
- CVE-2017-5128: Heap overflow in WebGL.
- CVE-2017-5129: Use after free in WebAudio.
- CVE-2017-5132: Incorrect stack manipulation in WebAssembly.
- CVE-2017-5130: Heap overflow in libxml2.
- CVE-2017-5131: Out of bounds write in Skia.
- CVE-2017-5133: Out of bounds write in Skia.
- CVE-2017-15386: UI spoofing in Blink.
- CVE-2017-15387: Content security bypass.
- CVE-2017-15388: Out of bounds read in Skia.
- CVE-2017-15389: URL spoofing in OmniBox.
- CVE-2017-15390: URL spoofing in OmniBox.
- CVE-2017-15391: Extension limitation bypass in Extensions.
- CVE-2017-15392: Incorrect registry key handling in PlatformIntegration.
- CVE-2017-15393: Referrer leak in Devtools.
- CVE-2017-15394: URL spoofing in extensions UI.
- CVE-2017-15395: Null pointer dereference in ImageCapture.
* debian/control: bump Standards-Version to 4.1.0
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-compilation-for-atk.patch: removed, no longer needed
* debian/patches/fix-gn-bootstrap.patch: updated
* debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
* debian/patches/make-base-numerics-build-with-gcc.patch: removed, no longer
needed
* debian/patches/no-new-ninja-flag.patch: added
* debian/patches/revert-clang-nostdlib++.patch: added
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: added
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/use-clang-versioned.patch: refreshed
* debian/patches/widevine-other-locations: refreshed
-- Olivier Tilloy <email address hidden> Wed, 18 Oct 2017 22:47:27 +0200
Available diffs
chromium-browser (62.0.3202.62-0ubuntu0.17.04.1379) zesty; urgency=medium
* Upstream release: 62.0.3202.62
- CVE-2017-5124: UXSS with MHTML.
- CVE-2017-5125: Heap overflow in Skia.
- CVE-2017-5126: Use after free in PDFium.
- CVE-2017-5127: Use after free in PDFium.
- CVE-2017-5128: Heap overflow in WebGL.
- CVE-2017-5129: Use after free in WebAudio.
- CVE-2017-5132: Incorrect stack manipulation in WebAssembly.
- CVE-2017-5130: Heap overflow in libxml2.
- CVE-2017-5131: Out of bounds write in Skia.
- CVE-2017-5133: Out of bounds write in Skia.
- CVE-2017-15386: UI spoofing in Blink.
- CVE-2017-15387: Content security bypass.
- CVE-2017-15388: Out of bounds read in Skia.
- CVE-2017-15389: URL spoofing in OmniBox.
- CVE-2017-15390: URL spoofing in OmniBox.
- CVE-2017-15391: Extension limitation bypass in Extensions.
- CVE-2017-15392: Incorrect registry key handling in PlatformIntegration.
- CVE-2017-15393: Referrer leak in Devtools.
- CVE-2017-15394: URL spoofing in extensions UI.
- CVE-2017-15395: Null pointer dereference in ImageCapture.
* debian/control: bump Standards-Version to 4.1.0
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-compilation-for-atk.patch: removed, no longer needed
* debian/patches/fix-gn-bootstrap.patch: updated
* debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
* debian/patches/make-base-numerics-build-with-gcc.patch: removed, no longer
needed
* debian/patches/revert-clang-nostdlib++.patch: added
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: added
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/widevine-other-locations: refreshed
-- Olivier Tilloy <email address hidden> Wed, 18 Oct 2017 22:19:17 +0200
Available diffs
- diff from 61.0.3163.100-0ubuntu0.17.04.1377 to 62.0.3202.62-0ubuntu0.17.04.1379 (pending)
| Superseded in bionic-release |
| Deleted in bionic-proposed (Reason: moved to release) |
| Superseded in artful-updates |
| Superseded in artful-security |
chromium-browser (62.0.3202.62-0ubuntu0.17.10.1380) artful; urgency=medium
* Upstream release: 62.0.3202.62
- CVE-2017-5124: UXSS with MHTML.
- CVE-2017-5125: Heap overflow in Skia.
- CVE-2017-5126: Use after free in PDFium.
- CVE-2017-5127: Use after free in PDFium.
- CVE-2017-5128: Heap overflow in WebGL.
- CVE-2017-5129: Use after free in WebAudio.
- CVE-2017-5132: Incorrect stack manipulation in WebAssembly.
- CVE-2017-5130: Heap overflow in libxml2.
- CVE-2017-5131: Out of bounds write in Skia.
- CVE-2017-5133: Out of bounds write in Skia.
- CVE-2017-15386: UI spoofing in Blink.
- CVE-2017-15387: Content security bypass.
- CVE-2017-15388: Out of bounds read in Skia.
- CVE-2017-15389: URL spoofing in OmniBox.
- CVE-2017-15390: URL spoofing in OmniBox.
- CVE-2017-15391: Extension limitation bypass in Extensions.
- CVE-2017-15392: Incorrect registry key handling in PlatformIntegration.
- CVE-2017-15393: Referrer leak in Devtools.
- CVE-2017-15394: URL spoofing in extensions UI.
- CVE-2017-15395: Null pointer dereference in ImageCapture.
* debian/control:
- bump Standards-Version to 4.1.0
- build against clang 5.0
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-compilation-for-atk.patch: removed, no longer needed
* debian/patches/fix-gn-bootstrap.patch: updated
* debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
* debian/patches/glibc-2-26-changes.patch: refreshed
* debian/patches/make-base-numerics-build-with-gcc.patch: removed, no longer
needed
* debian/patches/revert-clang-nostdlib++.patch: added
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: added
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/use-clang-versioned.patch: added
* debian/patches/widevine-other-locations: refreshed
* debian/tests/html5test: update test expectations
-- Olivier Tilloy <email address hidden> Wed, 18 Oct 2017 21:19:28 +0200
| Superseded in bionic-release |
| Obsolete in artful-release |
| Deleted in artful-proposed (Reason: moved to release) |
chromium-browser (61.0.3163.100-0ubuntu1.1378) artful; urgency=medium
* debian/patches/set-rpath-on-chromium-executables.patch: added
(LP: #1718885)
* debian/chromium-browser.sh.in: remove LD_LIBRARY_PATH manipulation,
made unnecessary by patch above
Available diffs
- diff from 60.0.3112.113-0ubuntu1.1369 to 61.0.3163.100-0ubuntu1.1378 (66.8 MiB)
- diff from 61.0.3163.79-0ubuntu1.1371 to 61.0.3163.100-0ubuntu1.1378 (pending)
chromium-browser (61.0.3163.100-0ubuntu0.14.04.1202) trusty; urgency=medium
* debian/patches/set-rpath-on-chromium-executables.patch: added
(LP: #1718885)
* debian/chromium-browser.sh.in: remove LD_LIBRARY_PATH manipulation,
made unnecessary by patch above
-- Olivier Tilloy <email address hidden> Tue, 26 Sep 2017 10:01:47 -0400
Available diffs
- diff from 61.0.3163.79-0ubuntu0.14.04.1196 to 61.0.3163.100-0ubuntu0.14.04.1202 (483.2 KiB)
- diff from 61.0.3163.100-0ubuntu0.14.04.1200 to 61.0.3163.100-0ubuntu0.14.04.1202 (pending)
chromium-browser (61.0.3163.100-0ubuntu0.16.04.1306) xenial; urgency=medium
* debian/patches/set-rpath-on-chromium-executables.patch: added
(LP: #1718885)
* debian/chromium-browser.sh.in: remove LD_LIBRARY_PATH manipulation,
made unnecessary by patch above
-- Olivier Tilloy <email address hidden> Tue, 26 Sep 2017 09:53:03 -0400
chromium-browser (61.0.3163.100-0ubuntu0.17.04.1377) zesty; urgency=medium
* debian/patches/set-rpath-on-chromium-executables.patch: added
(LP: #1718885)
* debian/chromium-browser.sh.in: remove LD_LIBRARY_PATH manipulation,
made unnecessary by patch above
-- Olivier Tilloy <email address hidden> Tue, 26 Sep 2017 09:48:13 -0400
| Superseded in artful-proposed |
chromium-browser (61.0.3163.79-0ubuntu1.1371) artful; urgency=medium
* Upstream release: 61.0.3163.79
- CVE-2017-5111: Use after free in PDFium.
- CVE-2017-5112: Heap buffer overflow in WebGL.
- CVE-2017-5113: Heap buffer overflow in Skia.
- CVE-2017-5114: Memory lifecycle issue in PDFium.
- CVE-2017-5115: Type confusion in V8.
- CVE-2017-5116: Type confusion in V8.
- CVE-2017-5117: Use of uninitialized value in Skia.
- CVE-2017-5118: Bypass of Content Security Policy in Blink.
- CVE-2017-5119: Use of uninitialized value in Skia.
- CVE-2017-5120: Potential HTTPS downgrade during redirect navigation.
* debian/control:
- bump Standards-Version to 4.0.0
- add build dependency on llvm
* debian/rules: build with is_component_build=false, is_official_build=true,
allow_posix_link_time_opt=false and fatal_linker_warnings=false
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/define__libc_malloc.patch: added
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-compilation-for-atk.patch: added
* debian/patches/fix-gn-bootstrap.patch: updated
* debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
* debian/patches/make-base-numerics-build-with-gcc.patch: added
* debian/patches/revert-llvm-ar.patch: removed, no longer needed
* debian/patches/search-credit.patch: refreshed
* debian/patches/skia-undef-HWCAP_CRC32.patch: added
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/tests/chromium-version: fix test shutdown
* debian/tests/html5test:
- fix test shutdown
- update test expectations
-- Olivier Tilloy <email address hidden> Mon, 11 Sep 2017 22:07:08 +0200
Available diffs
chromium-browser (61.0.3163.79-0ubuntu0.14.04.1196) trusty; urgency=medium
* Upstream release: 61.0.3163.79
- CVE-2017-5111: Use after free in PDFium.
- CVE-2017-5112: Heap buffer overflow in WebGL.
- CVE-2017-5113: Heap buffer overflow in Skia.
- CVE-2017-5114: Memory lifecycle issue in PDFium.
- CVE-2017-5115: Type confusion in V8.
- CVE-2017-5116: Type confusion in V8.
- CVE-2017-5117: Use of uninitialized value in Skia.
- CVE-2017-5118: Bypass of Content Security Policy in Blink.
- CVE-2017-5119: Use of uninitialized value in Skia.
- CVE-2017-5120: Potential HTTPS downgrade during redirect navigation.
* debian/control: bump Standards-Version to 4.0.0
* debian/rules:
- build with use_custom_libcxx=false to force the use of the system
libstdc++
- build with is_component_build=false, is_official_build=true,
allow_posix_link_time_opt=false and fatal_linker_warnings=false
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/define__libc_malloc.patch: added
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-compilation-for-atk.patch: added
* debian/patches/fix-compilation-for-atk-version-check.patch: added
* debian/patches/fix-gn-bootstrap.patch: updated
* debian/patches/fix-webkit-layout-build-with-g++.patch: removed,
no longer needed
* debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
* debian/patches/gcc-compilation-fixes.patch: added
* debian/patches/make-base-numerics-build-with-gcc.patch: added
* debian/patches/really-disable-swiftshader-on-x86.patch: updated
* debian/patches/reduce-ld-memory-usage.patch: added
* debian/patches/relax-ninja-version-requirement.patch: added
* debian/patches/revert-llvm-ar.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/use-gcc-versioned: refreshed
-- Olivier Tilloy <email address hidden> Mon, 11 Sep 2017 23:12:48 +0200
Available diffs
chromium-browser (61.0.3163.79-0ubuntu0.16.04.1300) xenial; urgency=medium
* Upstream release: 61.0.3163.79
- CVE-2017-5111: Use after free in PDFium.
- CVE-2017-5112: Heap buffer overflow in WebGL.
- CVE-2017-5113: Heap buffer overflow in Skia.
- CVE-2017-5114: Memory lifecycle issue in PDFium.
- CVE-2017-5115: Type confusion in V8.
- CVE-2017-5116: Type confusion in V8.
- CVE-2017-5117: Use of uninitialized value in Skia.
- CVE-2017-5118: Bypass of Content Security Policy in Blink.
- CVE-2017-5119: Use of uninitialized value in Skia.
- CVE-2017-5120: Potential HTTPS downgrade during redirect navigation.
* debian/control:
- bump Standards-Version to 4.0.0
- add build dependency on llvm-4.0
* debian/rules: build with is_component_build=false, is_official_build=true,
allow_posix_link_time_opt=false and fatal_linker_warnings=false
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/define__libc_malloc.patch: added
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-compilation-for-atk.patch: added
* debian/patches/fix-gn-bootstrap.patch: updated
* debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
* debian/patches/make-base-numerics-build-with-gcc.patch: added
* debian/patches/relax-ninja-version-requirement.patch: added
* debian/patches/revert-llvm-ar.patch: removed, no longer needed
* debian/patches/search-credit.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/use-clang-versioned.patch: updated
-- Olivier Tilloy <email address hidden> Mon, 11 Sep 2017 22:53:22 +0200
Available diffs
chromium-browser (61.0.3163.79-0ubuntu0.17.04.1371) zesty; urgency=medium
* Upstream release: 61.0.3163.79
- CVE-2017-5111: Use after free in PDFium.
- CVE-2017-5112: Heap buffer overflow in WebGL.
- CVE-2017-5113: Heap buffer overflow in Skia.
- CVE-2017-5114: Memory lifecycle issue in PDFium.
- CVE-2017-5115: Type confusion in V8.
- CVE-2017-5116: Type confusion in V8.
- CVE-2017-5117: Use of uninitialized value in Skia.
- CVE-2017-5118: Bypass of Content Security Policy in Blink.
- CVE-2017-5119: Use of uninitialized value in Skia.
- CVE-2017-5120: Potential HTTPS downgrade during redirect navigation.
* debian/control:
- bump Standards-Version to 4.0.0
- add build dependency on llvm
* debian/rules: build with is_component_build=false, is_official_build=true,
allow_posix_link_time_opt=false and fatal_linker_warnings=false
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/define__libc_malloc.patch: added
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default.patch: refreshed
* debian/patches/fix-compilation-for-atk.patch: added
* debian/patches/fix-gn-bootstrap.patch: updated
* debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
* debian/patches/make-base-numerics-build-with-gcc.patch: added
* debian/patches/revert-llvm-ar.patch: removed, no longer needed
* debian/patches/search-credit.patch: refreshed
* debian/patches/skia-undef-HWCAP_CRC32.patch: added
* debian/patches/title-bar-default-system.patch-v35: refreshed
-- Olivier Tilloy <email address hidden> Mon, 11 Sep 2017 22:39:06 +0200
Available diffs
chromium-browser (60.0.3112.113-0ubuntu1.1369) artful; urgency=medium * Upstream release: 60.0.3112.113 -- Olivier Tilloy <email address hidden> Fri, 25 Aug 2017 07:45:36 +0200
Available diffs
chromium-browser (60.0.3112.113-0ubuntu0.14.04.1194) trusty; urgency=medium * Upstream release: 60.0.3112.113 -- Olivier Tilloy <email address hidden> Fri, 25 Aug 2017 08:16:05 +0200
Available diffs
- diff from 60.0.3112.78-0ubuntu0.14.04.1190 to 60.0.3112.113-0ubuntu0.14.04.1194 (157.2 KiB)
- diff from 60.0.3112.101-0ubuntu0.14.04.1193 to 60.0.3112.113-0ubuntu0.14.04.1194 (pending)
chromium-browser (60.0.3112.113-0ubuntu0.16.04.1298) xenial; urgency=medium * Upstream release: 60.0.3112.113 -- Olivier Tilloy <email address hidden> Fri, 25 Aug 2017 08:12:34 +0200
Available diffs
- diff from 60.0.3112.78-0ubuntu0.16.04.1293 to 60.0.3112.113-0ubuntu0.16.04.1298 (158.0 KiB)
- diff from 60.0.3112.101-0ubuntu0.16.04.1297 to 60.0.3112.113-0ubuntu0.16.04.1298 (pending)
chromium-browser (60.0.3112.113-0ubuntu0.17.04.1369) zesty; urgency=medium * Upstream release: 60.0.3112.113 -- Olivier Tilloy <email address hidden> Fri, 25 Aug 2017 07:59:14 +0200
chromium-browser (60.0.3112.78-0ubuntu1.1363) artful; urgency=medium
* Upstream release: 60.0.3112.78
- CVE-2017-5091: Use after free in IndexedDB.
- CVE-2017-5092: Use after free in PPAPI.
- CVE-2017-5093: UI spoofing in Blink.
- CVE-2017-5094: Type confusion in extensions.
- CVE-2017-5095: Out-of-bounds write in PDFium.
- CVE-2017-5096: User information leak via Android intents.
- CVE-2017-5097: Out-of-bounds read in Skia.
- CVE-2017-5098: Use after free in V8.
- CVE-2017-5099: Out-of-bounds write in PPAPI.
- CVE-2017-5100: Use after free in Chrome Apps.
- CVE-2017-5101: URL spoofing in OmniBox.
- CVE-2017-5102: Uninitialized use in Skia.
- CVE-2017-5103: Uninitialized use in Skia.
- CVE-2017-5104: UI spoofing in browser.
- CVE-2017-5105: URL spoofing in OmniBox.
- CVE-2017-5106: URL spoofing in OmniBox.
- CVE-2017-5107: User information leak via SVG.
- CVE-2017-5108: Type confusion in PDFium.
- CVE-2017-5109: UI spoofing in browser.
- CVE-2017-5110: UI spoofing in payments dialog.
- CVE-2017-7000: Pointer disclosure in SQLite.
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/default-allocator: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
* debian/patches/fix-gn-bootstrap.patch: added
* debian/patches/last-commit-position: refreshed
* debian/patches/linux-dma-buf.patch: removed, no longer needed
* debian/patches/memory-free-assertion-failure: removed, no longer needed
* debian/patches/revert-llvm-ar.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/snapshot-library-link: removed, no longer needed
* debian/patches/stdatomic: removed, no longer needed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/use-gcc-versioned: removed, no longer needed
* debian/tests/html5test:
- updated test expectations
- refactored test to not fail early, thus giving the test a chance to
list all failed expectations before bailing out
-- Olivier Tilloy <email address hidden> Mon, 31 Jul 2017 16:03:31 +0200
Available diffs
- diff from 59.0.3071.109-0ubuntu1.1360 to 60.0.3112.78-0ubuntu1.1363 (pending)
chromium-browser (60.0.3112.78-0ubuntu0.14.04.1190) trusty; urgency=medium
* Upstream release: 60.0.3112.78
- CVE-2017-5091: Use after free in IndexedDB.
- CVE-2017-5092: Use after free in PPAPI.
- CVE-2017-5093: UI spoofing in Blink.
- CVE-2017-5094: Type confusion in extensions.
- CVE-2017-5095: Out-of-bounds write in PDFium.
- CVE-2017-5096: User information leak via Android intents.
- CVE-2017-5097: Out-of-bounds read in Skia.
- CVE-2017-5098: Use after free in V8.
- CVE-2017-5099: Out-of-bounds write in PPAPI.
- CVE-2017-5100: Use after free in Chrome Apps.
- CVE-2017-5101: URL spoofing in OmniBox.
- CVE-2017-5102: Uninitialized use in Skia.
- CVE-2017-5103: Uninitialized use in Skia.
- CVE-2017-5104: UI spoofing in browser.
- CVE-2017-5105: URL spoofing in OmniBox.
- CVE-2017-5106: URL spoofing in OmniBox.
- CVE-2017-5107: User information leak via SVG.
- CVE-2017-5108: Type confusion in PDFium.
- CVE-2017-5109: UI spoofing in browser.
- CVE-2017-5110: UI spoofing in payments dialog.
- CVE-2017-7000: Pointer disclosure in SQLite.
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/default-allocator: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
* debian/patches/fix-gn-bootstrap.patch: added
* debian/patches/fix-webkit-layout-build-with-g++.patch: added
* debian/patches/last-commit-position: refreshed
* debian/patches/linux-dma-buf.patch: removed, no longer needed
* debian/patches/memory-free-assertion-failure: removed, no longer needed
* debian/patches/really-disable-swiftshader-on-x86.patch: refreshed
* debian/patches/revert-llvm-ar.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/snapshot-library-link: removed, no longer needed
* debian/patches/stdatomic: removed, no longer needed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/vulkan-c99.patch: added
-- Olivier Tilloy <email address hidden> Mon, 31 Jul 2017 18:02:45 +0200
chromium-browser (60.0.3112.78-0ubuntu0.16.04.1293) xenial; urgency=medium
* Upstream release: 60.0.3112.78
- CVE-2017-5091: Use after free in IndexedDB.
- CVE-2017-5092: Use after free in PPAPI.
- CVE-2017-5093: UI spoofing in Blink.
- CVE-2017-5094: Type confusion in extensions.
- CVE-2017-5095: Out-of-bounds write in PDFium.
- CVE-2017-5096: User information leak via Android intents.
- CVE-2017-5097: Out-of-bounds read in Skia.
- CVE-2017-5098: Use after free in V8.
- CVE-2017-5099: Out-of-bounds write in PPAPI.
- CVE-2017-5100: Use after free in Chrome Apps.
- CVE-2017-5101: URL spoofing in OmniBox.
- CVE-2017-5102: Uninitialized use in Skia.
- CVE-2017-5103: Uninitialized use in Skia.
- CVE-2017-5104: UI spoofing in browser.
- CVE-2017-5105: URL spoofing in OmniBox.
- CVE-2017-5106: URL spoofing in OmniBox.
- CVE-2017-5107: User information leak via SVG.
- CVE-2017-5108: Type confusion in PDFium.
- CVE-2017-5109: UI spoofing in browser.
- CVE-2017-5110: UI spoofing in payments dialog.
- CVE-2017-7000: Pointer disclosure in SQLite.
* debian/control, debian/rules: build with clang 4.0
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/allow-component-build: removed, unused
* debian/patches/arm64-vpx-alignment: removed, no longer needed
* debian/patches/defang-ct-timebomb: removed, unused
* debian/patches/default-allocator: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
* debian/patches/fix-gn-bootstrap.patch: added
* debian/patches/last-commit-position: refreshed
* debian/patches/linux-dma-buf.patch: removed, no longer needed
* debian/patches/memory-free-assertion-failure: removed, no longer needed
* debian/patches/no-fPIC.patch: removed, no longer needed
* debian/patches/protobuf-fullness: removed, unused
* debian/patches/revert-llvm-ar.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/snapshot-library-link: removed, no longer needed
* debian/patches/stdatomic: removed, no longer needed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/use-clang-versioned.patch: added
* debian/patches/use-gcc-versioned: removed, no longer needed
* debian/known_gyp_flags: removed, unused
* debian/known_gn_gen_args-[i386,amd64,armhf]: added
-- Olivier Tilloy <email address hidden> Mon, 31 Jul 2017 17:25:16 +0200
Available diffs
- diff from 59.0.3071.109-0ubuntu0.16.04.1291 (in ~canonical-chromium-builds/ubuntu/stage) to 60.0.3112.78-0ubuntu0.16.04.1293 (58.4 MiB)
- diff from 59.0.3071.115-0ubuntu0.16.04.1291 to 60.0.3112.78-0ubuntu0.16.04.1293 (pending)
chromium-browser (60.0.3112.78-0ubuntu0.17.04.1363) zesty; urgency=medium
* Upstream release: 60.0.3112.78
- CVE-2017-5091: Use after free in IndexedDB.
- CVE-2017-5092: Use after free in PPAPI.
- CVE-2017-5093: UI spoofing in Blink.
- CVE-2017-5094: Type confusion in extensions.
- CVE-2017-5095: Out-of-bounds write in PDFium.
- CVE-2017-5096: User information leak via Android intents.
- CVE-2017-5097: Out-of-bounds read in Skia.
- CVE-2017-5098: Use after free in V8.
- CVE-2017-5099: Out-of-bounds write in PPAPI.
- CVE-2017-5100: Use after free in Chrome Apps.
- CVE-2017-5101: URL spoofing in OmniBox.
- CVE-2017-5102: Uninitialized use in Skia.
- CVE-2017-5103: Uninitialized use in Skia.
- CVE-2017-5104: UI spoofing in browser.
- CVE-2017-5105: URL spoofing in OmniBox.
- CVE-2017-5106: URL spoofing in OmniBox.
- CVE-2017-5107: User information leak via SVG.
- CVE-2017-5108: Type confusion in PDFium.
- CVE-2017-5109: UI spoofing in browser.
- CVE-2017-5110: UI spoofing in payments dialog.
- CVE-2017-7000: Pointer disclosure in SQLite.
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/default-allocator: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
* debian/patches/fix-gn-bootstrap.patch: added
* debian/patches/last-commit-position: refreshed
* debian/patches/linux-dma-buf.patch: removed, no longer needed
* debian/patches/memory-free-assertion-failure: removed, no longer needed
* debian/patches/revert-llvm-ar.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/snapshot-library-link: removed, no longer needed
* debian/patches/stdatomic: removed, no longer needed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/use-gcc-versioned: removed, no longer needed
-- Olivier Tilloy <email address hidden> Mon, 31 Jul 2017 17:04:59 +0200
chromium-browser (59.0.3071.109-0ubuntu0.14.04.1188) trusty; urgency=medium * debian/patches/fix-argument-evaluation-order.patch: added (LP: #1702407) -- Olivier Tilloy <email address hidden> Fri, 07 Jul 2017 10:57:00 +0200
chromium-browser (59.0.3071.109-0ubuntu0.16.04.1291) xenial; urgency=medium * debian/patches/fix-argument-evaluation-order.patch: added (LP: #1702407) -- Olivier Tilloy <email address hidden> Fri, 07 Jul 2017 10:53:25 +0200
chromium-browser (59.0.3071.109-0ubuntu1.1360) artful; urgency=medium * Upstream release: 59.0.3071.109 -- Olivier Tilloy <email address hidden> Wed, 21 Jun 2017 06:09:45 +0200
Available diffs
chromium-browser (59.0.3071.109-0ubuntu0.14.04.1186) trusty; urgency=medium * Upstream release: 59.0.3071.109 -- Olivier Tilloy <email address hidden> Wed, 21 Jun 2017 06:54:41 +0200
Available diffs
- diff from 58.0.3029.110-0ubuntu0.14.04.1176 to 59.0.3071.109-0ubuntu0.14.04.1186 (63.1 MiB)
- diff from 59.0.3071.86-0ubuntu0.14.04.1182 (in ~osomon/ubuntu/cr-test-1697496-deletedppa) to 59.0.3071.109-0ubuntu0.14.04.1186 (32.5 KiB)
- diff from 59.0.3071.104-0ubuntu0.14.04.1184 to 59.0.3071.109-0ubuntu0.14.04.1186 (7.0 KiB)
chromium-browser (59.0.3071.109-0ubuntu0.16.04.1289) xenial; urgency=medium * Upstream release: 59.0.3071.109 -- Olivier Tilloy <email address hidden> Wed, 21 Jun 2017 06:47:10 +0200
Available diffs
- diff from 58.0.3029.110-0ubuntu0.16.04.1281 to 59.0.3071.109-0ubuntu0.16.04.1289 (63.1 MiB)
- diff from 59.0.3071.86-0ubuntu0.16.04.1285 (in ~osomon/ubuntu/cr-test-1697496-deletedppa) to 59.0.3071.109-0ubuntu0.16.04.1289 (32.4 KiB)
- diff from 59.0.3071.104-0ubuntu0.16.04.1287 to 59.0.3071.109-0ubuntu0.16.04.1289 (7.0 KiB)
chromium-browser (59.0.3071.109-0ubuntu0.16.10.1357) yakkety; urgency=medium * Upstream release: 59.0.3071.109 -- Olivier Tilloy <email address hidden> Wed, 21 Jun 2017 06:45:30 +0200
Available diffs
- diff from 58.0.3029.110-0ubuntu0.16.10.1349 to 59.0.3071.109-0ubuntu0.16.10.1357 (63.1 MiB)
- diff from 59.0.3071.86-0ubuntu0.16.10.1353 (in ~osomon/ubuntu/cr-test-1697496-deletedppa) to 59.0.3071.109-0ubuntu0.16.10.1357 (32.4 KiB)
- diff from 59.0.3071.104-0ubuntu0.16.10.1355 to 59.0.3071.109-0ubuntu0.16.10.1357 (7.0 KiB)
chromium-browser (59.0.3071.109-0ubuntu0.17.04.1360) zesty; urgency=medium * Upstream release: 59.0.3071.109 -- Olivier Tilloy <email address hidden> Wed, 21 Jun 2017 06:37:28 +0200
chromium-browser (58.0.3029.110-0ubuntu1.1354) artful; urgency=medium * Upstream release: 58.0.3029.110 * debian/control: bump Standards-Version to 3.9.8 -- Olivier Tilloy <email address hidden> Wed, 10 May 2017 06:46:40 +0200
Available diffs
chromium-browser (58.0.3029.110-0ubuntu0.16.04.1281) xenial; urgency=medium * Upstream release: 58.0.3029.110 * debian/control: bump Standards-Version to 3.9.8 -- Olivier Tilloy <email address hidden> Wed, 10 May 2017 07:23:02 +0200
Available diffs
chromium-browser (58.0.3029.110-0ubuntu0.14.04.1176) trusty; urgency=medium * Upstream release: 58.0.3029.110 * debian/control: bump Standards-Version to 3.9.8 -- Olivier Tilloy <email address hidden> Wed, 10 May 2017 07:25:53 +0200
Available diffs
chromium-browser (58.0.3029.110-0ubuntu0.16.10.1349) yakkety; urgency=medium * Upstream release: 58.0.3029.110 * debian/control: bump Standards-Version to 3.9.8 -- Olivier Tilloy <email address hidden> Wed, 10 May 2017 07:21:06 +0200
Available diffs
chromium-browser (58.0.3029.110-0ubuntu0.17.04.1354) zesty; urgency=medium * Upstream release: 58.0.3029.110 * debian/control: bump Standards-Version to 3.9.8 -- Olivier Tilloy <email address hidden> Wed, 10 May 2017 06:34:09 +0200
Available diffs
chromium-browser (58.0.3029.96-0ubuntu1.1352) artful; urgency=medium
* Upstream release: 58.0.3029.96
- CVE-2017-5068: Race condition in WebRTC.
-- Olivier Tilloy <email address hidden> Wed, 03 May 2017 06:39:50 +0200
Available diffs
chromium-browser (58.0.3029.96-0ubuntu0.14.04.1174) trusty; urgency=medium
* Upstream release: 58.0.3029.96
- CVE-2017-5068: Race condition in WebRTC.
-- Olivier Tilloy <email address hidden> Wed, 03 May 2017 06:56:50 +0200
Available diffs
- diff from 58.0.3029.81-0ubuntu0.14.04.1172 (in ~canonical-chromium-builds/ubuntu/stage) to 58.0.3029.96-0ubuntu0.14.04.1174 (13.5 MiB)
- diff from 34.0.1847.116-0ubuntu2 (in Ubuntu) to 58.0.3029.96-0ubuntu0.14.04.1174 (pending)
chromium-browser (58.0.3029.96-0ubuntu0.16.04.1279) xenial; urgency=medium
* Upstream release: 58.0.3029.96
- CVE-2017-5068: Race condition in WebRTC.
-- Olivier Tilloy <email address hidden> Wed, 03 May 2017 06:49:16 +0200
Available diffs
- diff from 58.0.3029.81-0ubuntu0.16.04.1277 (in ~canonical-chromium-builds/ubuntu/stage) to 58.0.3029.96-0ubuntu0.16.04.1279 (13.5 MiB)
- diff from 49.0.2623.108-0ubuntu1.1233 (in Ubuntu) to 58.0.3029.96-0ubuntu0.16.04.1279 (pending)
chromium-browser (58.0.3029.96-0ubuntu0.16.10.1347) yakkety; urgency=medium
* Upstream release: 58.0.3029.96
- CVE-2017-5068: Race condition in WebRTC.
-- Olivier Tilloy <email address hidden> Wed, 03 May 2017 06:43:43 +0200
chromium-browser (58.0.3029.96-0ubuntu0.17.04.1352) zesty; urgency=medium
* Upstream release: 58.0.3029.96
- CVE-2017-5068: Race condition in WebRTC.
-- Olivier Tilloy <email address hidden> Wed, 03 May 2017 06:28:55 +0200
Available diffs
- diff from 58.0.3029.81-0ubuntu2.17.04.1350 (in ~canonical-chromium-builds/ubuntu/stage) to 58.0.3029.96-0ubuntu0.17.04.1352 (13.5 MiB)
- diff from 57.0.2987.98-0ubuntu1.1348 (in Ubuntu) to 58.0.3029.96-0ubuntu0.17.04.1352 (pending)
chromium-browser (58.0.3029.81-0ubuntu2.1350) artful; urgency=medium
* Upstream release: 58.0.3029.81
- CVE-2017-5057: Type confusion in PDFium.
- CVE-2017-5058: Heap use after free in Print Preview.
- CVE-2017-5059: Type confusion in Blink.
- CVE-2017-5060: URL spoofing in Omnibox.
- CVE-2017-5061: URL spoofing in Omnibox.
- CVE-2017-5062: Use after free in Chrome Apps.
- CVE-2017-5063: Heap overflow in Skia.
- CVE-2017-5064: Use after free in Blink.
- CVE-2017-5065: Incorrect UI in Blink.
- CVE-2017-5066: Incorrect signature handing in Networking.
- CVE-2017-5067: URL spoofing in Omnibox.
- CVE-2017-5069: Cross-origin bypass in Blink.
* debian/patches/arm.patch: removed, no longer needed
* debian/patches/gtk-ui-stdmove: removed, no longer needed (upstreamed)
* debian/patches/screen_capturer: removed, no longer needed (upstreamed)
* debian/patches/default-allocator: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default: refreshed
* debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/snapshot-library-link: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/fix-gn-bootstrap.patch: added
* debian/rules: disable the use of Vulcanize, the required node.js modules
are not readily available
-- Olivier Tilloy <email address hidden> Mon, 24 Apr 2017 22:33:22 +0200
Available diffs
chromium-browser (58.0.3029.81-0ubuntu2.17.04.1350) zesty; urgency=medium
* Upstream release: 58.0.3029.81
- CVE-2017-5057: Type confusion in PDFium.
- CVE-2017-5058: Heap use after free in Print Preview.
- CVE-2017-5059: Type confusion in Blink.
- CVE-2017-5060: URL spoofing in Omnibox.
- CVE-2017-5061: URL spoofing in Omnibox.
- CVE-2017-5062: Use after free in Chrome Apps.
- CVE-2017-5063: Heap overflow in Skia.
- CVE-2017-5064: Use after free in Blink.
- CVE-2017-5065: Incorrect UI in Blink.
- CVE-2017-5066: Incorrect signature handing in Networking.
- CVE-2017-5067: URL spoofing in Omnibox.
- CVE-2017-5069: Cross-origin bypass in Blink.
* debian/patches/arm.patch: removed, no longer needed
* debian/patches/gtk-ui-stdmove: removed, no longer needed (upstreamed)
* debian/patches/screen_capturer: removed, no longer needed (upstreamed)
* debian/patches/default-allocator: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default: refreshed
* debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/snapshot-library-link: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/fix-gn-bootstrap.patch: added
* debian/rules: disable the use of Vulcanize, the required node.js modules
are not readily available
-- Olivier Tilloy <email address hidden> Mon, 24 Apr 2017 22:34:45 +0200
Available diffs
chromium-browser (58.0.3029.81-0ubuntu0.14.04.1172) trusty; urgency=medium
* Upstream release: 58.0.3029.81
- CVE-2017-5057: Type confusion in PDFium.
- CVE-2017-5058: Heap use after free in Print Preview.
- CVE-2017-5059: Type confusion in Blink.
- CVE-2017-5060: URL spoofing in Omnibox.
- CVE-2017-5061: URL spoofing in Omnibox.
- CVE-2017-5062: Use after free in Chrome Apps.
- CVE-2017-5063: Heap overflow in Skia.
- CVE-2017-5064: Use after free in Blink.
- CVE-2017-5065: Incorrect UI in Blink.
- CVE-2017-5066: Incorrect signature handing in Networking.
- CVE-2017-5067: URL spoofing in Omnibox.
- CVE-2017-5069: Cross-origin bypass in Blink.
* debian/patches/arm.patch: removed, no longer needed
* debian/patches/gtk-ui-stdmove: removed, no longer needed (upstreamed)
* debian/patches/screen_capturer: removed, no longer needed (upstreamed)
* debian/patches/default-allocator: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default: refreshed
* debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/snapshot-library-link: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/fix-gn-bootstrap.patch: added
* debian/rules: disable the use of Vulcanize, the required node.js modules
are not readily available
-- Olivier Tilloy <email address hidden> Mon, 24 Apr 2017 11:56:01 +0200
Available diffs
chromium-browser (58.0.3029.81-0ubuntu0.16.04.1277) xenial; urgency=medium
* Upstream release: 58.0.3029.81
- CVE-2017-5057: Type confusion in PDFium.
- CVE-2017-5058: Heap use after free in Print Preview.
- CVE-2017-5059: Type confusion in Blink.
- CVE-2017-5060: URL spoofing in Omnibox.
- CVE-2017-5061: URL spoofing in Omnibox.
- CVE-2017-5062: Use after free in Chrome Apps.
- CVE-2017-5063: Heap overflow in Skia.
- CVE-2017-5064: Use after free in Blink.
- CVE-2017-5065: Incorrect UI in Blink.
- CVE-2017-5066: Incorrect signature handing in Networking.
- CVE-2017-5067: URL spoofing in Omnibox.
- CVE-2017-5069: Cross-origin bypass in Blink.
* debian/patches/arm.patch: removed, no longer needed
* debian/patches/gtk-ui-stdmove: removed, no longer needed (upstreamed)
* debian/patches/screen_capturer: removed, no longer needed (upstreamed)
* debian/patches/default-allocator: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default: refreshed
* debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/snapshot-library-link: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/fix-gn-bootstrap.patch: added
* debian/rules: disable the use of Vulcanize, the required node.js modules
are not readily available
-- Olivier Tilloy <email address hidden> Mon, 24 Apr 2017 11:40:21 +0200
Available diffs
chromium-browser (58.0.3029.81-0ubuntu0.16.10.1345) yakkety; urgency=medium
* Upstream release: 58.0.3029.81
- CVE-2017-5057: Type confusion in PDFium.
- CVE-2017-5058: Heap use after free in Print Preview.
- CVE-2017-5059: Type confusion in Blink.
- CVE-2017-5060: URL spoofing in Omnibox.
- CVE-2017-5061: URL spoofing in Omnibox.
- CVE-2017-5062: Use after free in Chrome Apps.
- CVE-2017-5063: Heap overflow in Skia.
- CVE-2017-5064: Use after free in Blink.
- CVE-2017-5065: Incorrect UI in Blink.
- CVE-2017-5066: Incorrect signature handing in Networking.
- CVE-2017-5067: URL spoofing in Omnibox.
- CVE-2017-5069: Cross-origin bypass in Blink.
* debian/patches/arm.patch: removed, no longer needed
* debian/patches/gtk-ui-stdmove: removed, no longer needed (upstreamed)
* debian/patches/screen_capturer: removed, no longer needed (upstreamed)
* debian/patches/default-allocator: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/enable-chromecast-by-default: refreshed
* debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/snapshot-library-link: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/fix-gn-bootstrap.patch: added
* debian/rules: disable the use of Vulcanize, the required node.js modules
are not readily available
-- Olivier Tilloy <email address hidden> Mon, 24 Apr 2017 11:27:41 +0200
Available diffs
| Superseded in artful-release |
| Obsolete in zesty-release |
| Deleted in zesty-proposed (Reason: moved to release) |
chromium-browser (57.0.2987.98-0ubuntu1.1348) zesty; urgency=medium
* Upstream release: 57.0.2987.98.
- CVE-2017-5030: Memory corruption in V8.
- CVE-2017-5031: Use after free in ANGLE.
- CVE-2017-5032: Out of bounds write in PDFium.
- CVE-2017-5029: Integer overflow in libxslt.
- CVE-2017-5034: Use after free in PDFium.
- CVE-2017-5035: Incorrect security UI in Omnibox.
- CVE-2017-5036: Use after free in PDFium.
- CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer.
- CVE-2017-5039: Use after free in PDFium.
- CVE-2017-5040: Information disclosure in V8.
- CVE-2017-5041: Address spoofing in Omnibox.
- CVE-2017-5033: Bypass of Content Security Policy in Blink.
- CVE-2017-5042: Incorrect handling of cookies in Cast.
- CVE-2017-5038: Use after free in GuestView.
- CVE-2017-5043: Use after free in GuestView.
- CVE-2017-5044: Heap overflow in Skia.
- CVE-2017-5045: Information disclosure in XSS Auditor.
- CVE-2017-5046: Information disclosure in Blink.
* debian/patches/arm64-support no longer needed
* debian/patches/stdatomic: Support gcc48.
* debian/patches/snapshot-library-link: Add missing libsnapshot link
* debian/patches/gtk-ui-stdmove: fix && pointer return with std::move
* debian/rules: Fix armhf float ABI and remove unnecessary envvars.
(LP: #1673276)
* debian/rules, debian/control: Use clang.
-- Chad MILLER <email address hidden> Wed, 15 Mar 2017 21:12:35 -0400
Available diffs
chromium-browser (57.0.2987.98-0ubuntu0.16.04.1276) xenial-security; urgency=medium
* Upstream release: 57.0.2987.98.
- CVE-2017-5030: Memory corruption in V8.
- CVE-2017-5031: Use after free in ANGLE.
- CVE-2017-5032: Out of bounds write in PDFium.
- CVE-2017-5029: Integer overflow in libxslt.
- CVE-2017-5034: Use after free in PDFium.
- CVE-2017-5035: Incorrect security UI in Omnibox.
- CVE-2017-5036: Use after free in PDFium.
- CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer.
- CVE-2017-5039: Use after free in PDFium.
- CVE-2017-5040: Information disclosure in V8.
- CVE-2017-5041: Address spoofing in Omnibox.
- CVE-2017-5033: Bypass of Content Security Policy in Blink.
- CVE-2017-5042: Incorrect handling of cookies in Cast.
- CVE-2017-5038: Use after free in GuestView.
- CVE-2017-5043: Use after free in GuestView.
- CVE-2017-5044: Heap overflow in Skia.
- CVE-2017-5045: Information disclosure in XSS Auditor.
- CVE-2017-5046: Information disclosure in Blink.
* debian/patches/arm64-support no longer needed
* debian/patches/stdatomic: Support gcc48.
* debian/patches/snapshot-library-link: Add missing libsnapshot link
* debian/patches/gtk-ui-stdmove: fix && pointer return with std::move
* debian/control: Drop binary arch "any" and explicitly list four.
* debian/patches/arm64-vpx-alignment: Avoid ARM64 alignment bug on some
compilers.
* debian/rules: Fix armhf float ABI and remove unnecessary envvars.
(LP: #1673276)
-- Chad MILLER <email address hidden> Wed, 15 Mar 2017 21:12:35 -0400
Available diffs
chromium-browser (57.0.2987.98-0ubuntu0.16.10.1344) yakkety-security; urgency=medium
* Upstream release: 57.0.2987.98.
- CVE-2017-5030: Memory corruption in V8.
- CVE-2017-5031: Use after free in ANGLE.
- CVE-2017-5032: Out of bounds write in PDFium.
- CVE-2017-5029: Integer overflow in libxslt.
- CVE-2017-5034: Use after free in PDFium.
- CVE-2017-5035: Incorrect security UI in Omnibox.
- CVE-2017-5036: Use after free in PDFium.
- CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer.
- CVE-2017-5039: Use after free in PDFium.
- CVE-2017-5040: Information disclosure in V8.
- CVE-2017-5041: Address spoofing in Omnibox.
- CVE-2017-5033: Bypass of Content Security Policy in Blink.
- CVE-2017-5042: Incorrect handling of cookies in Cast.
- CVE-2017-5038: Use after free in GuestView.
- CVE-2017-5043: Use after free in GuestView.
- CVE-2017-5044: Heap overflow in Skia.
- CVE-2017-5045: Information disclosure in XSS Auditor.
- CVE-2017-5046: Information disclosure in Blink.
* debian/patches/arm64-support no longer needed
* debian/patches/stdatomic: Support gcc48.
* debian/patches/snapshot-library-link: Add missing libsnapshot link
* debian/patches/gtk-ui-stdmove: fix && pointer return with std::move
* debian/control: Drop binary arch "any" and explicitly list four.
* debian/patches/arm64-vpx-alignment: Avoid ARM64 alignment bug on some
compilers.
* debian/rules: Fix armhf float ABI and remove unnecessary envvars.
(LP: #1673276)
-- Chad MILLER <email address hidden> Wed, 15 Mar 2017 21:12:35 -0400
Available diffs
chromium-browser (56.0.2924.76-0ubuntu2.1343) zesty; urgency=medium * debian/control: Drop binary arch "any" and explicitly list four. * debian/patches/arm64-support: arm64 gcc needs toolchain information. -- Chad MILLER <email address hidden> Thu, 02 Mar 2017 15:32:01 -0500
Available diffs
chromium-browser (56.0.2924.76-0ubuntu0.16.04.1268) xenial-security; urgency=medium
* Upstream release: 56.0.2924.76
- CVE-2017-5007: Universal XSS in Blink.
- CVE-2017-5006: Universal XSS in Blink.
- CVE-2017-5008: Universal XSS in Blink.
- CVE-2017-5010: Universal XSS in Blink.
- CVE-2017-5011: Unauthorised file access in Devtools.
- CVE-2017-5009: Out of bounds memory access in WebRTC.
- CVE-2017-5012: Heap overflow in V8.
- CVE-2017-5013: Address spoofing in Omnibox.
- CVE-2017-5014: Heap overflow in Skia.
- CVE-2017-5015: Address spoofing in Omnibox.
- CVE-2017-5019: Use after free in Renderer.
- CVE-2017-5016: UI spoofing in Blink.
- CVE-2017-5017: Uninitialised memory access in webm video.
- CVE-2017-5018: Universal XSS in chrome://apps.
- CVE-2017-5020: Universal XSS in chrome://downloads.
- CVE-2017-5021: Use after free in Extensions.
- CVE-2017-5022: Bypass of Content Security Policy in Blink.
- CVE-2017-5023: Type confusion in metrics.
- CVE-2017-5024: Heap overflow in FFmpeg.
- CVE-2017-5025: Heap overflow in FFmpeg.
- CVE-2017-5026: UI spoofing.
* debian/patches/screen_capturer: allow compilation on gcc4
* debian/patches/arm64-support: reenable arm64
* debian/patches/memory-free-assertion-failure: discover memory management
assertion failures.
* debian/rules: Avoid field trial experiments to get stable code.
(closes: LP#1667125)
* debian/patches/enable-chromecast-by-default: (closes: LP#1621753)
-- Chad MILLER <email address hidden> Wed, 22 Feb 2017 17:20:28 -0500
Available diffs
chromium-browser (56.0.2924.76-0ubuntu0.16.10.1335) yakkety-security; urgency=medium
* Upstream release: 56.0.2924.76
- CVE-2017-5007: Universal XSS in Blink.
- CVE-2017-5006: Universal XSS in Blink.
- CVE-2017-5008: Universal XSS in Blink.
- CVE-2017-5010: Universal XSS in Blink.
- CVE-2017-5011: Unauthorised file access in Devtools.
- CVE-2017-5009: Out of bounds memory access in WebRTC.
- CVE-2017-5012: Heap overflow in V8.
- CVE-2017-5013: Address spoofing in Omnibox.
- CVE-2017-5014: Heap overflow in Skia.
- CVE-2017-5015: Address spoofing in Omnibox.
- CVE-2017-5019: Use after free in Renderer.
- CVE-2017-5016: UI spoofing in Blink.
- CVE-2017-5017: Uninitialised memory access in webm video.
- CVE-2017-5018: Universal XSS in chrome://apps.
- CVE-2017-5020: Universal XSS in chrome://downloads.
- CVE-2017-5021: Use after free in Extensions.
- CVE-2017-5022: Bypass of Content Security Policy in Blink.
- CVE-2017-5023: Type confusion in metrics.
- CVE-2017-5024: Heap overflow in FFmpeg.
- CVE-2017-5025: Heap overflow in FFmpeg.
- CVE-2017-5026: UI spoofing.
* debian/patches/screen_capturer: allow compilation on gcc4
* debian/patches/arm64-support: reenable arm64
* debian/patches/memory-free-assertion-failure: discover memory management
assertion failures.
* debian/rules: Avoid field trial experiments to get stable code.
(closes: LP#1667125)
* debian/patches/enable-chromecast-by-default: (closes: LP#1621753)
-- Chad MILLER <email address hidden> Wed, 22 Feb 2017 17:20:28 -0500
Available diffs
| Superseded in zesty-proposed |
chromium-browser (55.0.2883.87-0ubuntu2.1329) zesty; urgency=medium * No-change rebuild against libnspr4 -- Andy Whitcroft <email address hidden> Fri, 24 Feb 2017 11:10:02 +0000
Available diffs
chromium-browser (55.0.2883.87-0ubuntu0.16.04.1263) xenial-security; urgency=medium
* debian/rules: Build extra codecs as part of main chromium program,
and libre/crippled/h.264less on its own. Seems to make h.264 work
again. Weird.
* debian/chromium-browser.links: Make link to ./ instead of / to fix
path problems that codec-using other apps might see.
* Upstream release of 55.0.2883.87:
- Change Flash running default to important content only.
* debian/chromium-browser.sh.in: Insert the Flash version if empty and
detectable.
* debian/rules, debian/control: Use gcc/g++ 4.8 to build.
* Upstream release of 55.0.2883.75:
- CVE-2016-9651: Private property access in V8.
- CVE-2016-5208: Universal XSS in Blink.
- CVE-2016-5207: Universal XSS in Blink.
- CVE-2016-5206: Same-origin bypass in PDFium.
- CVE-2016-5205: Universal XSS in Blink.
- CVE-2016-5204: Universal XSS in Blink.
- CVE-2016-5209: Out of bounds write in Blink.
- CVE-2016-5203: Use after free in PDFium.
- CVE-2016-5210: Out of bounds write in PDFium.
- CVE-2016-5212: Local file disclosure in DevTools.
- CVE-2016-5211: Use after free in PDFium.
- CVE-2016-5213: Use after free in V8.
- CVE-2016-5214: File download protection bypass.
- CVE-2016-5216: Use after free in PDFium.
- CVE-2016-5215: Use after free in Webaudio.
- CVE-2016-5217: Use of unvalidated data in PDFium.
- CVE-2016-5218: Address spoofing in Omnibox.
- CVE-2016-5219: Use after free in V8.
- CVE-2016-5221: Integer overflow in ANGLE.
- CVE-2016-5220: Local file access in PDFium.
- CVE-2016-5222: Address spoofing in Omnibox.
- CVE-2016-9650: CSP Referrer disclosure.
- CVE-2016-5223: Integer overflow in PDFium.
- CVE-2016-5226: Limited XSS in Blink.
- CVE-2016-5225: CSP bypass in Blink.
- CVE-2016-5224: Same-origin bypass in SVG
- CVE-2016-9652: Various fixes from internal audits, fuzzing and other
initiatives
* Upstream release of 54.0.2840.100:
- CVE-2016-5199: Heap corruption in FFmpeg.
- CVE-2016-5200: Out of bounds memory access in V8.
- CVE-2016-5201: Info leak in extensions.
- CVE-2016-5202: Various fixes from internal audits, fuzzing and other
initiatives
* Move to using GN to build chromium.
- debian/known_gn_gen_args
- debian/rules
patches
* debian/rules, lintians, installs, script: Move component libs out of
libs/, to /usr/lib/chromium-browser/ only.
* debian/patches/do-not-use-bundled-clang: Use clang from path.
* debian/control: Express that binary packages could be on "any"
architecture.
* debian/control: additionally build-dep on libgtk-3-dev
* debian/patches/arm64-support: Fail nicer if aarch64/arm64 mismatch.
* Upstrem release of 54.0.2840.59:
- CVE-2016-5181: Universal XSS in Blink.
- CVE-2016-5182: Heap overflow in Blink.
- CVE-2016-5183: Use after free in PDFium.
- CVE-2016-5184: Use after free in PDFium.
- CVE-2016-5185: Use after free in Blink.
- CVE-2016-5187: URL spoofing.
- CVE-2016-5188: UI spoofing.
- CVE-2016-5192: Cross-origin bypass in Blink.
- CVE-2016-5189: URL spoofing.
- CVE-2016-5186: Out of bounds read in DevTools.
- CVE-2016-5191: Universal XSS in Bookmarks.
- CVE-2016-5190: Use after free in Internals.
- CVE-2016-5193: Scheme bypass.
- CVE-2016-5194: Various fixes from internal audits, fuzzing and other
initiatives
* debian/patches/allow-component-build: Hard-code, override
release -> no component logic.
* debian/known_gyp_flags: Remove old GYP known-flags list.
* debian/default-allocator: Insist on not using tcmalloc allocator.
* debian/rules: Set LDFLAGS to limit memory usage.
* debian/control: Remove extraneous dependencies.
-- Chad MILLER <email address hidden> Sat, 17 Dec 2016 12:05:53 -0500
chromium-browser (55.0.2883.87-0ubuntu1.16.10.1330) yakkety-security; urgency=medium
* debian/rules: Build extra codecs as part of main chromium program,
and libre/crippled/h.264less on its own. Seems to make h.264 work
again. Weird.
* debian/chromium-browser.links: Make link to ./ instead of / to fix
path problems that codec-using other apps might see.
-- Chad MILLER <email address hidden> Sat, 17 Dec 2016 12:05:53 -0500
Available diffs
| Superseded in zesty-proposed |
chromium-browser (55.0.2883.87-0ubuntu2.1328) zesty; urgency=medium
* debian/rules: Build extra codecs as part of main chromium program,
and libre/crippled/h.264less on its own. Seems to make h.264 work
again. Weird.
* debian/chromium-browser.links: Make link to ./ instead of / to fix
path problems that codec-using other apps might see.
-- Chad MILLER <email address hidden> Sat, 17 Dec 2016 12:05:53 -0500
Available diffs
chromium-browser (55.0.2883.87-0ubuntu0.16.10.1328) yakkety-security; urgency=medium
* Upstream release of 55.0.2883.87:
- Change Flash running default to important content only.
* debian/chromium-browser.sh.in: Insert the Flash version if empty and
detectable.
* debian/rules, debian/control: Use gcc/g++ 4.8 to build.
* Upstream release of 55.0.2883.75:
- CVE-2016-9651: Private property access in V8.
- CVE-2016-5208: Universal XSS in Blink.
- CVE-2016-5207: Universal XSS in Blink.
- CVE-2016-5206: Same-origin bypass in PDFium.
- CVE-2016-5205: Universal XSS in Blink.
- CVE-2016-5204: Universal XSS in Blink.
- CVE-2016-5209: Out of bounds write in Blink.
- CVE-2016-5203: Use after free in PDFium.
- CVE-2016-5210: Out of bounds write in PDFium.
- CVE-2016-5212: Local file disclosure in DevTools.
- CVE-2016-5211: Use after free in PDFium.
- CVE-2016-5213: Use after free in V8.
- CVE-2016-5214: File download protection bypass.
- CVE-2016-5216: Use after free in PDFium.
- CVE-2016-5215: Use after free in Webaudio.
- CVE-2016-5217: Use of unvalidated data in PDFium.
- CVE-2016-5218: Address spoofing in Omnibox.
- CVE-2016-5219: Use after free in V8.
- CVE-2016-5221: Integer overflow in ANGLE.
- CVE-2016-5220: Local file access in PDFium.
- CVE-2016-5222: Address spoofing in Omnibox.
- CVE-2016-9650: CSP Referrer disclosure.
- CVE-2016-5223: Integer overflow in PDFium.
- CVE-2016-5226: Limited XSS in Blink.
- CVE-2016-5225: CSP bypass in Blink.
- CVE-2016-5224: Same-origin bypass in SVG
- CVE-2016-9652: Various fixes from internal audits, fuzzing and other
initiatives
* Upstream release of 54.0.2840.100:
- CVE-2016-5199: Heap corruption in FFmpeg.
- CVE-2016-5200: Out of bounds memory access in V8.
- CVE-2016-5201: Info leak in extensions.
- CVE-2016-5202: Various fixes from internal audits, fuzzing and other
initiatives
* Move to using GN to build chromium.
- debian/known_gn_gen_args
- debian/rules
patches
* debian/rules, lintians, installs, script: Move component libs out of
libs/, to /usr/lib/chromium-browser/ only.
* debian/patches/do-not-use-bundled-clang: Use clang from path.
* debian/control: Express that binary packages could be on "any"
architecture.
* debian/control: additionally build-dep on libgtk-3-dev
* debian/patches/arm64-support: Fail nicer if aarch64/arm64 mismatch.
* Upstrem release of 54.0.2840.59:
- CVE-2016-5181: Universal XSS in Blink.
- CVE-2016-5182: Heap overflow in Blink.
- CVE-2016-5183: Use after free in PDFium.
- CVE-2016-5184: Use after free in PDFium.
- CVE-2016-5185: Use after free in Blink.
- CVE-2016-5187: URL spoofing.
- CVE-2016-5188: UI spoofing.
- CVE-2016-5192: Cross-origin bypass in Blink.
- CVE-2016-5189: URL spoofing.
- CVE-2016-5186: Out of bounds read in DevTools.
- CVE-2016-5191: Universal XSS in Bookmarks.
- CVE-2016-5190: Use after free in Internals.
- CVE-2016-5193: Scheme bypass.
- CVE-2016-5194: Various fixes from internal audits, fuzzing and other
initiatives
* debian/patches/allow-component-build: Hard-code, override
release -> no component logic.
* debian/known_gyp_flags: Remove old GYP known-flags list.
* debian/default-allocator: Insist on not using tcmalloc allocator.
* debian/rules: Set LDFLAGS to limit memory usage.
* debian/control: Remove extraneous dependencies.
-- Chad MILLER <email address hidden> Sat, 03 Dec 2016 09:55:37 -0500
Available diffs
| Superseded in zesty-proposed |
chromium-browser (55.0.2883.87-0ubuntu1.1326) zesty; urgency=medium
* Upstream release of 55.0.2883.87:
- Change Flash running default to important content only.
* debian/chromium-browser.sh.in: Insert the Flash version if empty and
detectable.
* debian/rules, debian/control: Use gcc/g++ 4.8 to build.
* Upstream release of 55.0.2883.75:
- CVE-2016-9651: Private property access in V8.
- CVE-2016-5208: Universal XSS in Blink.
- CVE-2016-5207: Universal XSS in Blink.
- CVE-2016-5206: Same-origin bypass in PDFium.
- CVE-2016-5205: Universal XSS in Blink.
- CVE-2016-5204: Universal XSS in Blink.
- CVE-2016-5209: Out of bounds write in Blink.
- CVE-2016-5203: Use after free in PDFium.
- CVE-2016-5210: Out of bounds write in PDFium.
- CVE-2016-5212: Local file disclosure in DevTools.
- CVE-2016-5211: Use after free in PDFium.
- CVE-2016-5213: Use after free in V8.
- CVE-2016-5214: File download protection bypass.
- CVE-2016-5216: Use after free in PDFium.
- CVE-2016-5215: Use after free in Webaudio.
- CVE-2016-5217: Use of unvalidated data in PDFium.
- CVE-2016-5218: Address spoofing in Omnibox.
- CVE-2016-5219: Use after free in V8.
- CVE-2016-5221: Integer overflow in ANGLE.
- CVE-2016-5220: Local file access in PDFium.
- CVE-2016-5222: Address spoofing in Omnibox.
- CVE-2016-9650: CSP Referrer disclosure.
- CVE-2016-5223: Integer overflow in PDFium.
- CVE-2016-5226: Limited XSS in Blink.
- CVE-2016-5225: CSP bypass in Blink.
- CVE-2016-5224: Same-origin bypass in SVG
- CVE-2016-9652: Various fixes from internal audits, fuzzing and other
initiatives
* Upstream release of 54.0.2840.100:
- CVE-2016-5199: Heap corruption in FFmpeg.
- CVE-2016-5200: Out of bounds memory access in V8.
- CVE-2016-5201: Info leak in extensions.
- CVE-2016-5202: Various fixes from internal audits, fuzzing and other
initiatives
* Move to using GN to build chromium.
- debian/known_gn_gen_args
- debian/rules
patches
* debian/rules, lintians, installs, script: Move component libs out of
libs/, to /usr/lib/chromium-browser/ only.
* debian/patches/do-not-use-bundled-clang: Use clang from path.
* debian/control: Express that binary packages could be on "any"
architecture.
* debian/control: additionally build-dep on libgtk-3-dev
* debian/patches/arm64-support: Fail nicer if aarch64/arm64 mismatch.
* Upstrem release of 54.0.2840.59:
- CVE-2016-5181: Universal XSS in Blink.
- CVE-2016-5182: Heap overflow in Blink.
- CVE-2016-5183: Use after free in PDFium.
- CVE-2016-5184: Use after free in PDFium.
- CVE-2016-5185: Use after free in Blink.
- CVE-2016-5187: URL spoofing.
- CVE-2016-5188: UI spoofing.
- CVE-2016-5192: Cross-origin bypass in Blink.
- CVE-2016-5189: URL spoofing.
- CVE-2016-5186: Out of bounds read in DevTools.
- CVE-2016-5191: Universal XSS in Bookmarks.
- CVE-2016-5190: Use after free in Internals.
- CVE-2016-5193: Scheme bypass.
- CVE-2016-5194: Various fixes from internal audits, fuzzing and other
initiatives
* debian/patches/allow-component-build: Hard-code, override
release -> no component logic.
* debian/known_gyp_flags: Remove old GYP known-flags list.
* debian/default-allocator: Insist on not using tcmalloc allocator.
* debian/rules: Set LDFLAGS to limit memory usage.
* debian/control: Remove extraneous dependencies.
-- Chad MILLER <email address hidden> Sat, 03 Dec 2016 09:55:37 -0500
Available diffs
chromium-browser (37.0.2062.120-0ubuntu0.12.04.4) precise-security; urgency=medium * debian/patches/nss-324-fix.patch: fix compatibility with nss 3.24. * debian/control: specify libnss3 Depends version. -- Marc Deslauriers <email address hidden> Wed, 07 Dec 2016 14:36:05 -0500
chromium-browser (53.0.2785.143-0ubuntu0.14.04.1.1145) trusty-security; urgency=medium
* debian/patches/defang-ct-timebomb: backport TLS cert invalidity based
on build-time. (LP: #1641380)
-- Chad MILLER <email address hidden> Mon, 14 Nov 2016 10:06:44 -0500
Available diffs
chromium-browser (53.0.2785.143-0ubuntu0.16.04.1.1257) xenial-security; urgency=medium
* debian/patches/defang-ct-timebomb: backport TLS cert invalidity based
on build-time. (LP: #1641380)
-- Chad MILLER <email address hidden> Mon, 14 Nov 2016 10:06:44 -0500
Available diffs
| Superseded in zesty-release |
| Obsolete in yakkety-release |
| Deleted in yakkety-proposed (Reason: moved to release) |
chromium-browser (53.0.2785.143-0ubuntu1.1307) yakkety; urgency=medium
* Upstream release 53.0.2785.143:
- CVE-2016-5177: Use after free in V8.
- CVE-2016-5178: Various fixes from internal audits, fuzzing and other
initiatives.
* Upstream release 53.0.2785.113:
- CVE-2016-5170: Use after free in Blink.
- CVE-2016-5171: Use after free in Blink.
- CVE-2016-5172: Arbitrary Memory Read in v8.
- CVE-2016-5173: Extension resource access.
- CVE-2016-5174: Popup not correctly suppressed.
- CVE-2016-5175: Various fixes from internal audits, fuzzing and other
initiatives.
* Upstream release 53.0.2785.89:
- CVE-2016-5147: Universal XSS in Blink.
- CVE-2016-5148: Universal XSS in Blink.
- CVE-2016-5149: Script injection in extensions.
- CVE-2016-5150: Use after free in Blink.
- CVE-2016-5151: Use after free in PDFium.
- CVE-2016-5152: Heap overflow in PDFium.
- CVE-2016-5153: Use after destruction in Blink.
- CVE-2016-5154: Heap overflow in PDFium.
- CVE-2016-5155: Address bar spoofing.
- CVE-2016-5156: Use after free in event bindings.
- CVE-2016-5157: Heap overflow in PDFium.
- CVE-2016-5158: Heap overflow in PDFium.
- CVE-2016-5159: Heap overflow in PDFium.
- CVE-2016-5161: Type confusion in Blink.
- CVE-2016-5162: Extensions web accessible resources bypass.
- CVE-2016-5163: Address bar spoofing.
- CVE-2016-5164: Universal XSS using DevTools.
- CVE-2016-5165: Script injection in DevTools.
- CVE-2016-5166: SMB Relay Attack via Save Page As.
- CVE-2016-5160: Extensions web accessible resources bypass.
- CVE-2016-5167: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/patches/cups-include-deprecated-ppd, debian/rules: include cups
functions.
* debian/rules, debian/control: Force using gcc-5 compiler.
* Use system libraries for expat, speex, zlib, opus, png, jpeg.
* Also build for arm64 architecture.
* Don't compile in cups support by default on all architectures.
* Upstream release 52.0.2743.116:
- CVE-2016-5141 Address bar spoofing.
- CVE-2016-5142 Use-after-free in Blink.
- CVE-2016-5139 Heap overflow in pdfium.
- CVE-2016-5140 Heap overflow in pdfium.
- CVE-2016-5145 Same origin bypass for images in Blink.
- CVE-2016-5143 Parameter sanitization failure in DevTools.
- CVE-2016-5144 Parameter sanitization failure in DevTools.
- CVE-2016-5146: Various fixes from internal audits, fuzzing and other
initiatives.
* Exclude harfbuzz and libxslt from system-library use.
* Upstream release 52.0.2743.82:
- CVE-2016-1706: Sandbox escape in PPAPI.
- CVE-2016-1707: URL spoofing on iOS.
- CVE-2016-1708: Use-after-free in Extensions.
- CVE-2016-1709: Heap-buffer-overflow in sfntly.
- CVE-2016-1710: Same-origin bypass in Blink.
- CVE-2016-1711: Same-origin bypass in Blink.
- CVE-2016-5127: Use-after-free in Blink.
- CVE-2016-5128: Same-origin bypass in V8.
- CVE-2016-5129: Memory corruption in V8.
- CVE-2016-5130: URL spoofing.
- CVE-2016-5131: Use-after-free in libxml.
- CVE-2016-5132: Limited same-origin bypass in Service Workers.
- CVE-2016-5133: Origin confusion in proxy authentication.
- CVE-2016-5134: URL leakage via PAC script.
- CVE-2016-5135: Content-Security-Policy bypass.
- CVE-2016-5136: Use after free in extensions.
- CVE-2016-5137: History sniffing with HSTS and CSP.
- CVE-2016-1705: Various fixes from internal audits, fuzzing and other
initiatives
* Upstream release 51.0.2704.106
* Upstream release 51.0.2704.103:
- CVE-2016-1704: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/control: remvove build-dep on clang.
* debian/rules: Disable Google Now. Creepy. Might mean downloads of opaque
programs too.
* debian/rules: Disable Wallet service.
* debian/rules: Remove precise-specific conditions. More simple.
* debian/rules: In install-validation, don't use mktemp. Hard-code
destination.
* debian/patches/gsettings-display-scaling: Disable because code moved and
needs refactoring.
* debian/patches/display-scaling-default-value: Disable because probbly not
needed any more.
* debian/rules: widevine cdm is not really available in this source. No
longer lie about that.
* Set new GOOG keys to bisect service overuse problem.
* debian/patches/linux45-madvfree: If MADV_FREE is not defined, do not allow
it in sandbox filter. Also, undefine it so we don't use MADV_FREE and
thereby depend on it at runtime.
* debian/rules: Use gold ld to link.
* debian/rules: Kill delete-null-pointer-checks. In the javascript engine,
we can not assume a memory access to address zero always results in a
trap.
* debian/patches/gsettings-display-scaling,
debian/patches/display-scaling-default-value, reenable DPI scaling taken
from dconf.
* debian/rules: explicitly set target arch for arm64.
* debian/patches/series, debian/rules: Re-enable widevine component.
-- Chad MILLER <email address hidden> Thu, 29 Sep 2016 16:54:11 -0400
Available diffs
chromium-browser (53.0.2785.143-0ubuntu0.14.04.1.1142) trusty-security; urgency=medium
* Upstream release 53.0.2785.143:
- CVE-2016-5177: Use after free in V8.
- CVE-2016-5178: Various fixes from internal audits, fuzzing and other
initiatives.
* Upstream release 53.0.2785.113:
- CVE-2016-5170: Use after free in Blink.
- CVE-2016-5171: Use after free in Blink.
- CVE-2016-5172: Arbitrary Memory Read in v8.
- CVE-2016-5173: Extension resource access.
- CVE-2016-5174: Popup not correctly suppressed.
- CVE-2016-5175: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/rules: Use gold ld to link.
* debian/rules: Kill delete-null-pointer-checks. In the javascript engine,
we can not assume a memory access to address zero always results in a
trap.
* debian/patches/gsettings-display-scaling,
debian/patches/display-scaling-default-value, reenable DPI scaling taken
from dconf.
* debian/rules: explicitly set target arch for arm64.
* debian/control, debian/rules: re-add -dbg transitional packages.
* Upstream release 53.0.2785.89:
- CVE-2016-5147: Universal XSS in Blink.
- CVE-2016-5148: Universal XSS in Blink.
- CVE-2016-5149: Script injection in extensions.
- CVE-2016-5150: Use after free in Blink.
- CVE-2016-5151: Use after free in PDFium.
- CVE-2016-5152: Heap overflow in PDFium.
- CVE-2016-5153: Use after destruction in Blink.
- CVE-2016-5154: Heap overflow in PDFium.
- CVE-2016-5155: Address bar spoofing.
- CVE-2016-5156: Use after free in event bindings.
- CVE-2016-5157: Heap overflow in PDFium.
- CVE-2016-5158: Heap overflow in PDFium.
- CVE-2016-5159: Heap overflow in PDFium.
- CVE-2016-5161: Type confusion in Blink.
- CVE-2016-5162: Extensions web accessible resources bypass.
- CVE-2016-5163: Address bar spoofing.
- CVE-2016-5164: Universal XSS using DevTools.
- CVE-2016-5165: Script injection in DevTools.
- CVE-2016-5166: SMB Relay Attack via Save Page As.
- CVE-2016-5160: Extensions web accessible resources bypass.
- CVE-2016-5167: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/patches/cups-include-deprecated-ppd, debian/rules: include cups
functions.
* Use system libraries for expat, speex, zlib, opus, png, jpeg.
* Also build for arm64 architecture.
* Don't compile in cups support by default on all architectures.
* debian/control: remvove build-dep on clang.
* debian/patches/linux45-madvfree: If MADV_FREE is not defined, do not allow
it in sandbox filter. Also, undefine it so we don't use MADV_FREE and
thereby depend on it at runtime.
* debian/rules: Use gold ld to link.
* debian/rules: Kill delete-null-pointer-checks. In the javascript engine,
we can not assume a memory access to address zero always results in a
trap.
* debian/patches/series, debian/rules: Re-enable widevine component.
* debian/patches/expat-config: Avoid "memmove does not exist".
-- Chad MILLER <email address hidden> Fri, 16 Sep 2016 12:56:44 -0400
chromium-browser (53.0.2785.143-0ubuntu0.16.04.1.1254) xenial-security; urgency=medium
* Upstream release 53.0.2785.143:
- CVE-2016-5177: Use after free in V8.
- CVE-2016-5178: Various fixes from internal audits, fuzzing and other
initiatives.
* Upstream release 53.0.2785.113:
- CVE-2016-5170: Use after free in Blink.
- CVE-2016-5171: Use after free in Blink.
- CVE-2016-5172: Arbitrary Memory Read in v8.
- CVE-2016-5173: Extension resource access.
- CVE-2016-5174: Popup not correctly suppressed.
- CVE-2016-5175: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/rules: Use gold ld to link.
* debian/rules: Kill delete-null-pointer-checks. In the javascript engine,
we can not assume a memory access to address zero always results in a
trap.
* debian/patches/gsettings-display-scaling,
debian/patches/display-scaling-default-value, reenable DPI scaling taken
from dconf.
* debian/rules: explicitly set target arch for arm64.
* debian/control, debian/rules: re-add -dbg transitional packages.
* Upstream release 53.0.2785.89:
- CVE-2016-5147: Universal XSS in Blink.
- CVE-2016-5148: Universal XSS in Blink.
- CVE-2016-5149: Script injection in extensions.
- CVE-2016-5150: Use after free in Blink.
- CVE-2016-5151: Use after free in PDFium.
- CVE-2016-5152: Heap overflow in PDFium.
- CVE-2016-5153: Use after destruction in Blink.
- CVE-2016-5154: Heap overflow in PDFium.
- CVE-2016-5155: Address bar spoofing.
- CVE-2016-5156: Use after free in event bindings.
- CVE-2016-5157: Heap overflow in PDFium.
- CVE-2016-5158: Heap overflow in PDFium.
- CVE-2016-5159: Heap overflow in PDFium.
- CVE-2016-5161: Type confusion in Blink.
- CVE-2016-5162: Extensions web accessible resources bypass.
- CVE-2016-5163: Address bar spoofing.
- CVE-2016-5164: Universal XSS using DevTools.
- CVE-2016-5165: Script injection in DevTools.
- CVE-2016-5166: SMB Relay Attack via Save Page As.
- CVE-2016-5160: Extensions web accessible resources bypass.
- CVE-2016-5167: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/patches/cups-include-deprecated-ppd, debian/rules: include cups
functions.
* debian/rules, debian/control: Force using gcc-5 compiler.
* Use system libraries for expat, speex, zlib, opus, png, jpeg.
* Also build for arm64 architecture.
* Don't compile in cups support by default on all architectures.
* debian/control: remvove build-dep on clang.
* debian/patches/linux45-madvfree: If MADV_FREE is not defined, do not allow
it in sandbox filter. Also, undefine it so we don't use MADV_FREE and
thereby depend on it at runtime.
* debian/rules: Use gold ld to link.
* debian/rules: Kill delete-null-pointer-checks. In the javascript engine,
we can not assume a memory access to address zero always results in a
trap.
* debian/patches/series, debian/rules: Re-enable widevine component.
-- Chad MILLER <email address hidden> Fri, 16 Sep 2016 12:56:44 -0400
chromium-browser (52.0.2743.116-0ubuntu0.14.04.1.1134) trusty-security; urgency=medium
* Upstream release 52.0.2743.116:
- CVE-2016-5141 Address bar spoofing.
- CVE-2016-5142 Use-after-free in Blink.
- CVE-2016-5139 Heap overflow in pdfium.
- CVE-2016-5140 Heap overflow in pdfium.
- CVE-2016-5145 Same origin bypass for images in Blink.
- CVE-2016-5143 Parameter sanitization failure in DevTools.
- CVE-2016-5144 Parameter sanitization failure in DevTools.
- CVE-2016-5146: Various fixes from internal audits, fuzzing and other
initiatives.
* Exclude harfbuzz from system-library use.
* Upstream release 52.0.2743.82:
- CVE-2016-1706: Sandbox escape in PPAPI.
- CVE-2016-1707: URL spoofing on iOS.
- CVE-2016-1708: Use-after-free in Extensions.
- CVE-2016-1709: Heap-buffer-overflow in sfntly.
- CVE-2016-1710: Same-origin bypass in Blink.
- CVE-2016-1711: Same-origin bypass in Blink.
- CVE-2016-5127: Use-after-free in Blink.
- CVE-2016-5128: Same-origin bypass in V8.
- CVE-2016-5129: Memory corruption in V8.
- CVE-2016-5130: URL spoofing.
- CVE-2016-5131: Use-after-free in libxml.
- CVE-2016-5132: Limited same-origin bypass in Service Workers.
- CVE-2016-5133: Origin confusion in proxy authentication.
- CVE-2016-5134: URL leakage via PAC script.
- CVE-2016-5135: Content-Security-Policy bypass.
- CVE-2016-5136: Use after free in extensions.
- CVE-2016-5137: History sniffing with HSTS and CSP.
- CVE-2016-1705: Various fixes from internal audits, fuzzing and other
initiatives
* Upstream release 51.0.2704.106
* Upstream release 51.0.2704.103:
- CVE-2016-1704: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/control: remvove build-dep on clang.
* Sync many things from debian:
- No longer build remoting, or install its locale files.
- Use many system libraries, adding build-dep on
- libre2-dev,
- yasm,
- libopus-dev,
- zlib1g-dev,
- libspeex-dev,
- libspeechd-dev,
- libexpat1-dev,
- libpng-dev,
- libxml2-dev,
- libjpeg-dev,
- libwebp-dev,
- libxslt-dev,
- libsrtp-dev,
- libjsoncpp-dev,
- libevent-dev,
- Clean up many parts of debian/rules, wrt variable names
- Set hardening on.
- Use gold linker.
- Disable Google Now. Creepy. Might mean downloads of opaque programs too.
- Disable Wallet service.
* debian/compat: Use dh version 9.
* debian/rules: Improve "cd;foo" logic.
* debian/rules: Remove files in tar-copy pipelines, to conserve space. Fixes
build failures in servers.
* debian/rules: Move check steps into install steps. No need to be separate,
and simplifies target names.
* debian/rules: Make en-us locale files less magical, and simplify install.
* debian/rules: Work around change to tar command param order with
--exclude.
* debian/rules: Don't use tcmalloc on armhf.
* debian/rules: Remove precise-specific conditions. More simple.
* debian/rules: In install-validation, don't use mktemp. Hard-code
destination.
* debian/patches/gsettings-display-scaling: Disable because code moved and
needs refactoring.
* debian/patches/display-scaling-default-value: Disable because probbly not
needed any more.
* debian/rules: widevine cdm is not really available in this source. No
longer lie about that.
* Set new GOOG keys to bisect service overuse problem.
-- Chad MILLER <email address hidden> Wed, 24 Aug 2016 13:30:26 -0400
chromium-browser (52.0.2743.116-0ubuntu0.16.04.1.1250) xenial-security; urgency=medium
* Upstream release 52.0.2743.116:
- CVE-2016-5141 Address bar spoofing.
- CVE-2016-5142 Use-after-free in Blink.
- CVE-2016-5139 Heap overflow in pdfium.
- CVE-2016-5140 Heap overflow in pdfium.
- CVE-2016-5145 Same origin bypass for images in Blink.
- CVE-2016-5143 Parameter sanitization failure in DevTools.
- CVE-2016-5144 Parameter sanitization failure in DevTools.
- CVE-2016-5146: Various fixes from internal audits, fuzzing and other
initiatives.
* Exclude harfbuzz from system-library use.
* Upstream release 52.0.2743.82:
- CVE-2016-1706: Sandbox escape in PPAPI.
- CVE-2016-1707: URL spoofing on iOS.
- CVE-2016-1708: Use-after-free in Extensions.
- CVE-2016-1709: Heap-buffer-overflow in sfntly.
- CVE-2016-1710: Same-origin bypass in Blink.
- CVE-2016-1711: Same-origin bypass in Blink.
- CVE-2016-5127: Use-after-free in Blink.
- CVE-2016-5128: Same-origin bypass in V8.
- CVE-2016-5129: Memory corruption in V8.
- CVE-2016-5130: URL spoofing.
- CVE-2016-5131: Use-after-free in libxml.
- CVE-2016-5132: Limited same-origin bypass in Service Workers.
- CVE-2016-5133: Origin confusion in proxy authentication.
- CVE-2016-5134: URL leakage via PAC script.
- CVE-2016-5135: Content-Security-Policy bypass.
- CVE-2016-5136: Use after free in extensions.
- CVE-2016-5137: History sniffing with HSTS and CSP.
- CVE-2016-1705: Various fixes from internal audits, fuzzing and other
initiatives
* Upstream release 51.0.2704.106
* Upstream release 51.0.2704.103:
- CVE-2016-1704: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/control: remvove build-dep on clang.
* Sync many things from debian:
- No longer build remoting, or install its locale files.
- Use many system libraries, adding build-dep on
- libre2-dev,
- yasm,
- libopus-dev,
- zlib1g-dev,
- libspeex-dev,
- libspeechd-dev,
- libexpat1-dev,
- libpng-dev,
- libxml2-dev,
- libjpeg-dev,
- libwebp-dev,
- libxslt-dev,
- libsrtp-dev,
- libjsoncpp-dev,
- libevent-dev,
- Clean up many parts of debian/rules, wrt variable names
- Set hardening on.
- Use gold linker.
- Disable Google Now. Creepy. Might mean downloads of opaque programs too.
- Disable Wallet service.
* debian/compat: Use dh version 9.
* debian/rules: Improve "cd;foo" logic.
* debian/rules: Remove files in tar-copy pipelines, to conserve space. Fixes
build failures in servers.
* debian/rules: Move check steps into install steps. No need to be separate,
and simplifies target names.
* debian/rules: Make en-us locale files less magical, and simplify install.
* debian/rules: Work around change to tar command param order with
--exclude.
* debian/rules: Don't use tcmalloc on armhf.
* debian/rules: Remove precise-specific conditions. More simple.
* debian/rules: In install-validation, don't use mktemp. Hard-code
destination.
* debian/patches/gsettings-display-scaling: Disable because code moved and
needs refactoring.
* debian/patches/display-scaling-default-value: Disable because probbly not
needed any more.
* debian/rules: widevine cdm is not really available in this source. No
longer lie about that.
* Set new GOOG keys to bisect service overuse problem.
-- Chad MILLER <email address hidden> Wed, 24 Aug 2016 13:30:26 -0400
chromium-browser (37.0.2062.120-0ubuntu0.12.04.3) precise-security; urgency=medium
* debian/patches/nss-323-fix.patch: fix compatibility with nss 3.23.
(LP: #1604191)
-- Marc Deslauriers <email address hidden> Mon, 18 Jul 2016 19:46:48 -0400
| 226 → 300 of 614 results | First • Previous • Next • Last |
